Methods and Systems for Preventing Unauthorized Access to Patient Information

ABSTRACT

An exemplary method includes a privacy management system 1) presenting, within a GUI, a patient list that initially includes a plurality of entries each comprising a plurality of obscured characters representative of patient information associated with a distinct patient included within a plurality of patients, 2) receiving user input representative of a search term comprising a sequence of one or more characters selected to identify a particular patient included within the plurality of patients, and 3) dynamically updating the patient list presented within the GUI in response to the user input by unobscuring a sequence of one or more obscured characters included in each entry of the patient list and that matches the sequence of one or more characters included in the search term and removing each entry included in the plurality of entries that does not include the search term from the patient list presented within the GUI.

RELATED APPLICATIONS

The present application is a continuation-in-part application of U.S.application Ser. No. 12/567,011, filed Sep. 25, 2009, and entitled“Methods and Systems for Preventing Unauthorized Access to PatientInformation,” the contents of which are hereby incorporated by referencein their entirety.

BACKGROUND INFORMATION

The Health Insurance Portability and Accountability Act (“HIPAA”)provides federal protections for personal medical information held bycovered entities and gives patients an array of rights with respect tothat information. For example, HIPAA requires that appropriateadministrative, technical and physical safeguards must be in place toprotect the privacy of patient information (e.g., medical records,patient names, social security numbers, etc.). For example, a medicalfacility, such as a doctor's office or clinic, must ensure that onlyauthorized personnel have access to electronic data representative ofpatient information.

However, when a medical software application has access to a number ofpatient files, it will often display a list of patient names on adisplay screen from which an authorized user (e.g., a hospital staffmember) may select a particular patient's name to access patientinformation corresponding to the patient. However, if the patienthappens to be looking at the display screen while the authorized useraccesses the patient information, the patient may see the list ofpatient names. If this happens, HIPAA laws are violated.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings illustrate various embodiments of theprinciples described herein and are a part of the specification. Theillustrated embodiments are merely examples and do not limit the scopeof the disclosure.

FIG. 1 illustrates an exemplary privacy management system according toprinciples described herein.

FIG. 2 illustrates an exemplary implementation of the system of FIG. 1according to principles described herein.

FIG. 3 illustrates an exemplary computing device according to principlesdescribed herein.

FIG. 4 illustrates an exemplary method of preventing unauthorized accessto patient information according to principles described herein.

FIG. 5 illustrates an exemplary graphical user interface (“GUI”) thatmay be displayed according to principles described herein.

FIG. 6 shows the GUI of FIG. 5 prior to a search term being entered intoa filter row.

FIG. 7 shows the GUI of FIG. 5 after a user has input a search term intoa filter row according to principles described herein.

FIG. 8 shows the GUI of FIG. 5 after a user has input another searchinto a filter row according to principles described herein.

FIG. 9 shows the GUI of FIG. 5 in an enhanced privacy configurationaccording to principles described herein.

FIG. 10 illustrates another exemplary method of preventing unauthorizedaccess to patient information according to principles described herein.

FIGS. 11-12 show various GUIs in which graphical depictions of boxes areused to obscure characters included within various entries included in apatient list according to principles described herein.

Throughout the drawings, identical reference numbers designate similar,but not necessarily identical, elements.

DETAILED DESCRIPTION

Methods and systems for preventing unauthorized access to patientinformation are described herein. As described in more detail below, aprivacy management system may 1) present, within a graphical userinterface, a patient list that initially includes a plurality of entrieseach comprising a plurality of obscured characters representative ofpatient information associated with a distinct patient included within aplurality of patients, 2) receive user input representative of a searchterm comprising a sequence of one or more characters selected toidentify a particular patient included within the plurality of patients,and 3) dynamically update the patient list presented within thegraphical user interface in response to the user input by unobscuring asequence of one or more obscured characters included in each entry ofthe patient list and that matches the sequence of one or more charactersincluded in the search term and removing (e.g., by not displaying) eachentry included in the plurality of entries that does not include thesearch term from the patient list presented within the graphical userinterface. In this manner, as will be described in more detail below,unauthorized access to patient information by a patient or otherbystander physically present in the vicinity of the display screen onwhich the patient list is displayed may be prevented.

As used herein, the term “patient information” refers to any informationassociated with a particular patient. For example, patient informationcorresponding to a patient may include, but is not limited to, a name ofthe patient, a gender of the patient, a birth date of the patient, oneor more medical records of the patient, and/or any other medicalinformation associated with the patient as may serve a particularapplication.

FIG. 1 illustrates an exemplary privacy management system 100 (or simply“system 100”) for preventing unauthorized access to patient dataaccessed or used by medical software applications. System 100 mayinclude, but is not limited to, a presentation facility 102, acommunication facility 104, a privacy facility 106, and a storagefacility 108 selectively and communicatively coupled one to another.

Presentation facility 102 may be configured to present (e.g., displayand/or direct a display device to display) a patient list within agraphical user interface (“GUI”). As will be described in more detailbelow, the patient list may be generated by a medical softwareapplication and may include one or more entries that each includepatient information identifying or otherwise associated with aparticular patient. A user may select one of the entries displayedwithin the patient list to access additional patient information (e.g.,medical records) associated with the patient that corresponds to theselected entry.

In some examples, as will be described in more detail below, each entryincluded in the patient list presented within the GUI may include aplurality of obscured characters representative of the patientinformation associated with each entry. For example, the names of thepatients associated with the entries may be initially obscured by aplurality of obscuring characters, a graphical depiction of a box,and/or in any other suitable manner. In this manner, as will bedescribed in more detail below, unauthorized access to patientinformation by a patient or other bystander physically present in thevicinity of the display screen on which the patient list is displayedmay be prevented.

A medical software application may maintain or access patientinformation corresponding to multiple patients. Hence, to facilitateaccess by a user to patient information associated with a particularpatient, system 100 may include a communication facility 104 configuredto receive user input representative of one or more search terms (alsoreferred to as “filter terms”). The one or more search terms may beinput by a user of a medical software application to narrow the patientlist until the user can identify and select an entry included within thepatient list that corresponds to the particular patient. As will bedescribed in more detail below, each search term input by a user mayinclude a sequence of one or more characters.

Privacy facility 106 may be configured to dynamically update the patientlist in response to the user input received by communication facility104 to only include one or more entries that contain the input searchterm. As will be described in more detail below, privacy facility 106may be further configured to prevent one or more non-search termcharacters contained within each of the entries of the patient list frombeing displayed within the graphical user interface. For ease ofexplanation, the term “non-search term characters” will be used hereinto refer to characters contained within character sequences includedwithin each of the entries of the patient list that do not match asearch term input by a user of a medical software application.

In some examples, privacy facility 106 may be configured to prevent oneor more non-search term characters contained within each of the entriesof the patient list from being displayed within the graphical userinterface by masking or hiding the non-search term characters withobscuring characters. For example, as will be described in more detailbelow, privacy facility 106 may direct presentation facility 102 topresent an obscuring character in place of one or more non-search termcharacters contained within each of the entries of the patient list. Asused herein, an “obscuring character” may include any character (e.g.,an asterisk character, a whitespace character, or any other character)as may serve a particular application. For example, the actualcharacters included in the names of each patient may be obscured byobscuring characters.

Additionally or alternatively, privacy facility 106 may be configured toprevent one or more non-search term characters contained within each ofthe entries of the patient list from being displayed within thegraphical user interface by preventing the entire patient list frombeing displayed within the graphical user interface until the patientlist has been narrowed to include only a single entry. In this manner,as will be described in more detail below, the systems and methodsdescribed herein may comply with varying privacy policies.

In some examples, privacy facility 106 may dynamically update thepatient list in response to user input representative of a search termthat includes a sequence of one or more characters by unobscuring asequence of one or more obscured characters included in each entry ofthe patient list and that matches the sequence of one or more charactersincluded in the search term and removing each entry included in theplurality of entries that does not include the search term from thepatient list. Various manners in which the obscured characters may beunobscured will be described in more detail below.

Storage facility 108 may be configured to maintain patient informationdata 110 and user input data 112. Patient information data 110 mayinclude data representative of patient information corresponding to oneor more patients. User input data 112 may include data representative ofone or more search terms input by a user.

System 100, including facilities 102-108, may include any computerhardware and/or computer-implemented instructions (e.g., software), orcombinations of computer-implemented instructions and hardware,configured to perform one or more of the processes described herein. Inparticular, system 100 may be implemented on one physical computingdevice or may be implemented on more than one physical computing device.Accordingly, system 100 may include any number of computing devices, andmay employ any of a number of computer operating systems. Moreover, itwill be recognized that although facilities 102-108 are shown to beseparate facilities in FIG. 1, any of those facilities may be combinedinto a single facility as may serve a particular application.

Accordingly, one or more of the processes described herein may beimplemented at least in part as instructions executable by one or morecomputing devices. In general, a processor (e.g., a microprocessor)receives instructions, from a computer-readable medium, (e.g., a memory,etc.), and executes those instructions, thereby performing one or moreprocesses, including one or more of the processes described herein. Suchinstructions may be stored and/or transmitted using any of a variety ofknown computer-readable media.

A computer-readable medium (also referred to as a processor-readablemedium) includes any medium that participates in providing data (e.g.,instructions) that may be read by a computer (e.g., by a processor of acomputer). Such a medium may take many forms, including, but not limitedto, non-volatile media and/or volatile media. Non-volatile media mayinclude, for example, optical or magnetic disks and other persistentmemory. Volatile media may include, for example, dynamic random accessmemory (“DRAM”), which typically constitutes a main memory. Common formsof computer-readable media include, for example, a floppy disk, flexibledisk, hard disk, magnetic tape, any other magnetic medium, a CD-ROM,DVD, any other optical medium, a RAM, a PROM, an EPROM, a FLASH-EEPROM,any other memory chip or cartridge, or any other medium from which acomputer can read.

FIG. 2 illustrates an exemplary implementation 200 of system 100 whereina patient information management subsystem 202 (or simply “managementsubsystem 202”) is communicatively coupled to a patient informationaccess subsystem 204 (or simply “access subsystem 204”). As will bedescribed in more detail below, presentation facility 102, communicationfacility 104, privacy facility 106, and/or storage facility 108 may eachbe implemented on one or both of management subsystem 202 and accesssubsystem 204.

Access subsystem 204 may be configured to communicate with and receive asignal and/or data stream containing data representative of patientinformation and/or any other data from management subsystem 202. Accesssubsystem 204 and management subsystem 202 may communicate using anysuitable communication technologies, devices, networks, networkplatforms, media, and protocols supportive of remote datacommunications.

For example, as shown in FIG. 2, management subsystem 202 may beconfigured to communicate with access subsystem 204 over a network 206(and communications links thereto). Network 206 may include one or morenetworks or types of networks capable of carrying communications and/ordata signals between management subsystem 202 and access subsystem 204.For example, network 206 may include, but is not limited to, a cablenetwork, optical fiber network, hybrid fiber coax network, wirelessnetwork (e.g., a Wi-Fi and/or mobile telephone network), satellitenetwork, wireless broadcast network (e.g., a satellite mediabroadcasting network or terrestrial broadcasting network), subscribertelevision network, a provider-specific network, the Internet, anintranet, a local area network, any other suitable network, and anycombination or sub-combination of these networks.

Management subsystem 202 and access subsystem 204 may communicate overnetwork 206 using any suitable communication technologies, devices,media, and protocols supportive of remote data communications,including, but not limited to, data transmission media, communicationsdevices, Transmission Control Protocol (“TCP”), Internet Protocol(“IP”), File Transfer Protocol (“FTP”), Telnet, Hypertext TransferProtocol (“HTTP”), Real Time Protocol (“RTP”), User Datagram Protocol(“UDP”), Ethernet, and any other suitable communications technologies,devices, media, and protocols.

While FIG. 2 shows management subsystem 202 and access subsystem 204communicatively coupled via network 206, it will be recognized thatmanagement subsystem 202 and access subsystem 204 may be configured tocommunicate one with another in any other suitable manner (e.g., via adirect connection).

FIG. 3 illustrates an exemplary computing device 300 that may have anycombination of management subsystem 202 and/or access subsystem 204implemented thereon. Computing device 300 may include one or more of apersonal computer, a client device, a server, a mobile device (e.g., amobile phone device), a handheld device, a phone device, apersonal-digital assistant device, a television device, and/or any othercomputing device configured to perform one or more of the processesand/or operations described herein.

While an exemplary computing device 300 is shown in FIG. 3, thecomponents illustrated in FIG. 3 are not intended to be limiting.Additional or alternative components may be used in other embodiments.Components of computing device 300 shown in FIG. 3 will now be describedin additional detail.

Communication interface 302 may be configured to communicate with one ormore computing devices. Examples of communication interface 302 include,without limitation, a wired network interface (such as a networkinterface card), a wireless network interface (such as a wirelessnetwork interface card), a modem, and any other suitable interface. Inat least one embodiment, communication interface 302 may provide adirect connection between management subsystem 202 and access subsystem204 via a direct link to a network, such as the Internet. Communicationinterface 302 may additionally or alternatively provide such aconnection through, for example, a local area network (such as anEthernet network), a personal area network, a telephone or cablenetwork, a cellular telephone connection, a satellite data connection, adedicated URL, or any other suitable connection. Communication interface302 may be configured to interface with any suitable communicationmedia, protocols, and formats, including any of those mentioned above.

Processor 304 generally represents any type or form of processing unitcapable of processing data or interpreting, executing, and/or directingexecution of one or more of the instructions, processes, and/oroperations described herein. Processor 304 may direct execution ofoperations in accordance with one or more applications 316 or othercomputer-executable instructions such as may be stored in storage device306 or another computer-readable medium. As an example, processor 304may be configured to process data representative of a message generatedby a software application, including encrypting, decrypting, and/orparsing the data.

Storage device 306 may include one or more data storage media, devices,or configurations and may employ any type, form, and combination of datastorage media and/or device. For example, storage device 306 mayinclude, but is not limited to, a hard drive, network drive, flashdrive, magnetic disc, optical disc, RAM, DRAM, other non-volatile and/orvolatile data storage units, or a combination or sub-combinationthereof. Electronic data, including data described herein, may betemporarily and/or permanently stored in storage device 306. Forexample, data representative of one or more executable applications 316(which may include, but are not limited to, one or more of the softwareapplications described herein) configured to direct processor 304 toperform any of the operations described herein may be stored withinstorage device 306. In some examples, data may be arranged in one ormore databases residing within storage device 306.

I/O module 308 may be configured to receive user input and provide useroutput and may include any hardware, firmware, software, or combinationthereof supportive of input and output capabilities. For example, I/Omodule 308 may include hardware and/or software for capturing userinput, including, but not limited to, a keyboard or keypad, a touchscreen component (e.g., touch screen display), a receiver (e.g., an RFor infrared receiver), and/or one or more input buttons.

I/O module 308 may include one or more devices for presenting output toa user, including, but not limited to, a graphics engine, a display(e.g., a display screen, one or more output drivers (e.g., displaydrivers), one or more audio speakers, and one or more audio drivers. Incertain embodiments, I/O module 308 is configured to provide graphicaldata to a display for presentation to a user. The graphical data may berepresentative of one or more graphical user interfaces (“GUIs”), GUIviews, media content views, and/or any other view as may serve aparticular application.

In some examples, any of the facilities described herein may beimplemented by or within one or more components of computing device 300.For example, one or more applications 316 residing within storage device306 may be configured to direct processor 304 to perform one or moreprocesses or functions associated with presentation facility 102,communication facility 104, and/or privacy facility 106. Likewise,storage facility 108 may be implemented by or within storage device 306.

As mentioned, it is often difficult to prevent unauthorized access topatient information displayed on a computer screen or other displaydevice. For example, when a cochlear implant patient is being fitted byan audiologist, a computer screen used by the audiologist to perform thefitting procedure is often visible to the patient. If the audiologisthas not yet opened a patient file corresponding to the patient, thepatient may be able to see a list of all of the other patients whoattend the clinic associated with the audiologist. To this end, themethods and systems described herein prevent unauthorized access topatient information displayed on a display screen that may be accessibleto unauthorized users. As will be described herein, such prevention ofauthorized access may be facilitated by preventing one or morenon-search term characters contained within a patient list from beingdisplayed within a graphical user interface until the patient list isnarrowed to only include a single entry.

FIG. 4 illustrates an exemplary method 400 of preventing unauthorizedaccess to patient information. While FIG. 4 illustrates exemplary stepsaccording to one embodiment, other embodiments may omit, add to,reorder, and/or modify any of the steps shown in FIG. 4. One or more ofthe steps shown in FIG. 4 may be performed by system 100, managementsubsystem 202, and/or access subsystem 204.

In step 402, a patient list is presented within a graphical userinterface. For example, presentation facility 102, which may include orbe implemented on a computing device, may be configured to display agraphical user interface in which patient information corresponding toone or more patients may be displayed. To illustrate, FIG. 5 shows anexemplary GUI 500 that may be displayed on a display screen connected toa personal computer, handheld device, and/or any other computing deviceas may serve a particular application.

As shown in FIG. 5, GUI 500 may include a patient information grid 502configured to display patient information associated with one or morepatients of a particular medical facility, doctor, or other medicalentity. While a patient information grid 502 is shown in FIG. 5, it willbe recognized that other display formats may be used to display patientinformation corresponding to one or more patients.

Patient information grid 502 may include a plurality of columns 504(e.g., columns 504-1 through 504-5) and a plurality of rows 506 (e.g.,rows 506-1 through 506-13). It will be recognized that the patientinformation grid 502 may include any number of columns 504 and rows 506as may serve a particular application. In the example of FIG. 5, patientinformation grid 502 includes a selection column 504-1 configured tofacilitate selection of one or more entries displayed within patientinformation grid 502, a first name column 504-2 configured to display afirst name of the patients associated with the entries displayed withinpatient information grid 502, a last name column 504-3 configured todisplay a last name of the patients associated with the entriesdisplayed within patient information grid 502, a gender column 504-4configured to display a gender of each of the patients associated withthe entries displayed within patient information grid 502, and a birthdate column 504-5 configured to display a birth date of each of thepatients associated with the entries displayed within patientinformation grid 502. Additional or alternative columns may include, butare not limited to, medical identification number columns, socialsecurity number columns, and/or any other type of column configured todisplay patient information therein.

As shown in FIG. 5, patient information grid 502 may include a headerrow 506-1, a filter row 506-2, and a plurality of patient informationrows 506-3. Header row 506-1 may include a name of each of thecategories displayed within the various columns 504. For example, headerrow 506-1 includes headers associated with a first name, a last name, agender, and a birth date of the patients associated with the entriesdisplayed within patient information grid 502. Filter row 506-2 includesone or more input fields 510 (e.g., input fields 510-1 through 510-4)into which a user may input one or more search terms. Patientinformation rows 506-3 through 506-13 may be configured to display apatient list 508 that includes one or more entries each corresponding toa distinct patient.

Returning to FIG. 4, in step 404, user input representative of a searchterm comprising one or more characters selected to identify a particularpatient included within a plurality of patients is received. In someexamples, communication facility 104 may be configured to receive theuser input from a user. For example, medical personnel or otherauthorized users may enter one or more search terms into filter row506-2 to narrow or filter patient list 508 until a desired number ofentries are included within patient list 508. It will be recognized thatfilter row 506-2 is merely illustrative of the many different means forreceiving a user input search term.

As mentioned, the one or more search terms may be input into one or moreof the input fields 510 included within filter row 506-2. For example,if a user desires to access patient information corresponding to apatient with the last name of “Brown,” the user may input a search termthat includes one or more characters included “Brown” into last namefield 510-2. As will be described in more detail below, patient list 508may be dynamically updated to only include entries containing the userinput search term.

In step 406, the patient list is dynamically updated in response to thereceived user input to only include a plurality of entries that containthe search term received in step 404. For example, privacy facility 106may be configured to dynamically update patient list 508 displayed inFIG. 5 as each character within a search term is input into one of theinput fields 510 of filter row 506-2.

In step 408, one or more non-search term characters contained withineach of the entries of the patient list are prevented from beingdisplayed within the graphical user interface. In this manner, as willbe described in more detail below, unauthorized access to patientinformation by a patient or other bystander physically present in thevicinity of the display screen on which the patient list is displayedmay be prevented.

In some examples, privacy facility 106 may be configured to prevent oneor more non-search term characters contained within each of the entriesof the patient list from being displayed within the graphical userinterface by displaying an obscuring character in place of one or morenon-search term characters contained within each of the entries. Forexample, FIG. 6 shows GUI 500 prior to a search term being entered intofilter row 506-2. To prevent patient information from being viewed orotherwise accessed by an unauthorized user, an obscuring character (e.g.obscuring character 602) may be displayed in place of each of thecharacters included within the first and last names of the patients.While only the first and last names are hidden in this manner in FIG. 6,it will be recognized that any other patient information associated witheach of the patients may be hidden in a similar manner. For example, thegender and birth date of each of the patients associated with theentries displayed within patient information grid 502 may be hiddenusing obscuring characters or in any other manner as may serve aparticular application.

The obscuring characters shown in FIG. 6 are asterisk characters forillustrative purposes only. It will be recognized that other types ofobscuring characters may alternatively be used to mask or hide theactual characters included in each of the entries. For example, awhitespace character may be used to mask or hide the actual charactersincluded in each of the entries. In this example, each cell included inthe first and last name columns would appear to be blank.

As a user inputs a search term into one of input fields 510 of filterrow 506-2, patient list 508 may be dynamically updated in real-time toinclude only those entries that contain the search term. For example,FIG. 7 shows GUI 500 after a user has input a search term of “Br” intothe last name field 510-2 of filter row 506-2. As shown in FIG. 7,patient list 508 has been dynamically updated or narrowed to includeonly those entries corresponding to patients that have last names thatstart with “Br”.

As shown in FIG. 7, after the search term “Br” has been entered into thelast name field 510-2, the matching characters of the last namesdisplayed in each entry of patient list 508 may be displayed. In thismanner, a user may see that the entries contained within updated patientlist 508 contain the search term.

At this point, a user may select one of the entries within the patientlist 508 to access additional patient information corresponding to apatient associated with the selected entry. Alternatively, the user mayinput one or more additional search terms to further narrow patient list508. For example, FIG. 8 shows GUI 500 after a user has input the searchterm “M” into the first name field 510-1 of filter row 506-2. As shownin FIG. 8, patient list 508 has been narrowed to include a single entrythat includes both the search term “Br” in the last name field and thesearch term “M” in the first name field. Because patient list 508 onlyincludes a single entry that corresponds to a desired patient, thecharacters included within the entry do not have to be hidden anymore.Hence, as shown in FIG. 8, the obscuring characters previously displayedhave been replaced by the actual characters included within the singleentry. In some examples, once the single entry is displayed withinpatient information grid 502, a user may select the entry in order toaccess additional patient information corresponding to the patientassociated with the entry.

In some alternative embodiments, privacy facility 106 may be configuredto prevent one or more non-search term characters contained within eachof the entries of the patient list from being displayed within thegraphical user interface by preventing the entire patient list frombeing displayed within the graphical user interface until the patientlist has been narrowed to include only a single entry. In this manner,privacy facility 106 may facilitate compliance with relatively morestrict privacy policies.

To illustrate, FIG. 9 shows GUI 500 in an enhanced privacy configurationwherein a patient list is prevented from being displayed within GUI 500until the patient list is narrowed to only include a single entry. Asshown in FIG. 9, a text box 902 may be displayed within GUI 500 thatexplains to the user that the medical software application is operatingin the enhanced privacy configuration and that the patient list must benarrowed to a single result before displaying patient information. Textbox 902 may further include information corresponding to the number ofmatches found for the search terms entered into filter row 506-2. Forexample, FIG. 9 shows that the search term “Brown” has been entered intothe last name field 510-2 of filter row 506-2. Text box 902 indicatesthat 3 entries within a patient list contain a last name of “Brown” andthat the patient list must be narrowed to include a single entry beforepatient information is displayed within GUI 500. In the example of FIG.9, the patient list may be narrowed by inputting an additional searchterm of “M” into the first name field 510-1. Once the patient list hasbeen narrowed, GUI 500 may display the single entry in a similar mannerto that shown in FIG. 8.

FIG. 10 illustrates another exemplary method 1000 of preventingunauthorized access to patient information. While FIG. 10 illustratesexemplary steps according to one embodiment, other embodiments may omit,add to, reorder, and/or modify any of the steps shown in FIG. 10. One ormore of the steps shown in FIG. 10 may be performed by system 100,management subsystem 202 and/or access subsystem 204.

In step 1002, a privacy management system presents, within a GUI, apatient list that initially includes a plurality of entries eachcomprising a plurality of obscured characters representative of patientinformation associated with a distinct patient included within aplurality of patients. Step 1002 may be performed in any of the waysdescribed herein.

In step 1004, the privacy management system receives user inputrepresentative of a search term comprising a sequence of one or morecharacters selected to identify a particular patient included within theplurality of patients. Step 1004 may be performed in any of the waysdescribed herein.

In step 1006, the privacy management system dynamically updates thepatient list presented within the GUI in response to the user input.This may be performed by 1) unobscuring a sequence of one or moreobscured characters included in each entry of the patient list and thatmatches the sequence of one or more characters included in the searchterm and 2) removing each entry included in the plurality of entriesthat does not include the search term from the patient list presentedwithin the GUI.

For example, the obscured characters included in the plurality ofentries may be obscured by presenting an obscuring character in place ofeach actual character included in the plurality of entries. In thiscase, the privacy management system may unobscure the sequence of one ormore obscured characters by graphically replacing the one or moreobscured characters with the sequence of one or more characters includedin the search term, as described above.

Alternatively, the obscured characters included in the plurality ofentries may be obscured by presenting, within the GUI, a graphicaldepiction of one or more boxes that hide the obscured characters. Toillustrate, FIG. 11 shows GUI 500 prior to a search term being enteredinto filter row 506-2. To prevent patient information from being viewedor otherwise accessed by an unauthorized user, a graphical depiction ofa box (e.g., box 1102) may be presented in a manner that covers or hidesthe characters included in the first and last names of each of thepatients included in patient list 508. As shown, the size of each boxmay be proportional to the number of characters included in each name.In this manner, the relative length of each name may be graphicallyportrayed.

As a user inputs a search term into one of input fields 510 of filterrow 506-2, patient list 508 shown in FIG. 11 may be dynamically updatedin real-time to include only those entries that contain the search term.For example, a size of one or more of the boxes shown in FIG. 11 may bereduced to expose the actual characters included in the search termincluded in each of the entries that contain the search term.

To illustrate, For example, FIG. 12 shows GUI 500 after a user has inputa search term of “Br” into the last name field 510-2 of filter row506-2. As shown in FIG. 12, patient list 508 has been dynamicallyupdated or narrowed to include only those entries corresponding topatients that have last names that start with “Br”.

As shown in FIG. 12, after the search term “Br” has been entered intothe last name field 510-2, the matching characters of the last namesdisplayed in each entry of patient list 508 may be displayed by reducinga size of the boxes (e.g., box 1202) that obscure the charactersincluded in the entries included in patient list 508. In this manner, auser may see that the entries contained within updated patient list 508contain the search term.

In the preceding description, various exemplary embodiments have beendescribed with reference to the accompanying drawings. It will, however,be evident that various modifications and changes may be made thereto,and additional embodiments may be implemented, without departing fromthe scope of the invention as set forth in the claims that follow. Forexample, certain features of one embodiment described herein may becombined with or substituted for features of another embodimentdescribed herein. The description and drawings are accordingly to beregarded in an illustrative rather than a restrictive sense.

What is claimed is:
 1. A method comprising: presenting, by a privacy management system within a graphical user interface, a patient list that initially includes a plurality of entries each comprising a plurality of obscured characters representative of patient information associated with a distinct patient included within a plurality of patients; receiving, by the privacy management system, user input representative of a search term comprising a sequence of one or more characters selected to identify a particular patient included within the plurality of patients; and dynamically updating, by the privacy management system, the patient list presented within the graphical user interface in response to the user input by unobscuring a sequence of one or more obscured characters included in each entry of the patient list and that matches the sequence of one or more characters included in the search term, and removing each entry included in the plurality of entries that does not include the search term from the patient list presented within the graphical user interface.
 2. The method of claim 1, further comprising: receiving, by the privacy management system, additional user input representative of an additional search term comprising a sequence of one or more characters; determining, by the privacy management system, that only a single entry included in the plurality of entries contains the search term sequentially followed by the additional search term; and dynamically updating, by the privacy management system, the updated patient list presented within the graphical user interface in response to the additional user input by unobscuring all of the obscured characters included in the single entry, and removing all of the entries included in the plurality of entries other than the single entry from the updated patient list presented within the graphical user interface.
 3. The method of claim 2, further comprising presenting, by the privacy management system within the graphical user interface, additional patient information associated with the particular patient in response to a user selection of the single entry.
 4. The method of claim 1, further comprising: presenting, by the privacy management system, a patient information grid within the graphical user interface, the patient information grid comprising a plurality of columns and rows; wherein the presenting of the patient list comprises presenting each entry included in the plurality of entries within a distinct row of the patient information grid.
 5. The method of claim 4, wherein one of the rows within the patient information grid comprises a filter row with one or more input fields, and wherein the receiving of the user input comprises receiving data input into at least one of the one or more input fields.
 6. The method of claim 1, wherein the patient information comprises at least a first and a last name of each of the plurality of patients.
 7. The method of claim 1, wherein the obscured characters included in the plurality of entries are obscured by presenting an obscuring character in place of each actual character included in the plurality of entries.
 8. The method of claim 7, wherein the obscuring character comprises at least one of an asterisk character and a whitespace character.
 9. The method of claim 7, wherein the unobscuring of the sequence of one or more obscured characters comprises graphically replacing the one or more obscured characters with the sequence of one or more characters included in the search term.
 10. The method of claim 1, wherein the obscured characters included in the plurality of entries are obscured by presenting, within the graphical user interface, a graphical depiction of one or more boxes that hide the obscured characters.
 11. The method of claim 10, wherein, for a particular entry, the unobscuring comprises reducing a size of the graphical depiction of the one or more boxes to expose the sequence of one or more characters included in the particular entry.
 12. The method of claim 1, embodied as computer-executable instructions on at least one non-transitory computer-readable medium.
 13. A method comprising: presenting a patient list within a graphical user interface; receiving user input representative of a search term comprising one or more characters selected to identify a particular patient included within a plurality of patients; dynamically updating the patient list in response to the received user input to only include a plurality of entries that contain the search term, each of the entries comprising patient information associated with a distinct one of the patients; preventing one or more non-search term characters contained within each of the plurality of entries included in the updated patient list from being displayed within the graphical user interface by displaying one or more obscuring characters in place of the one or more non-search term characters contained within each of the entries included in the updated patient list; and displaying the entries included in the updated patient list within the graphical user interface.
 14. The method of claim 13, wherein the obscuring character comprises at least one of an asterisk character and a whitespace character.
 15. The method of claim 13, embodied as computer-executable instructions on at least one non-transitory computer-readable medium.
 16. A system comprising: a presentation facility configured to present, within a graphical user interface, a patient list that initially includes a plurality of entries each comprising a plurality of obscured characters representative of patient information associated with a distinct patient included within a plurality of patients; a communication facility selectively and communicatively coupled to the presentation facility and configured to receive user input representative of a search term comprising a sequence of one or more characters selected to identify a particular patient included within the plurality of patients; and a privacy facility selectively and communicatively coupled to the display facility and to the communication facility and configured to unobscure a sequence of one or more obscured characters included in each entry of the patient list and that matches the sequence of one or more characters included in the search term, and remove each entry included in the plurality of entries that does not include the search term from the patient list presented within the graphical user interface.
 17. The system of claim 16, wherein the obscured characters included in the plurality of entries are obscured by the privacy facility presenting an obscuring character in place of each actual character included in the plurality of entries.
 18. The system of claim 17, wherein the privacy facility is configured to unobscure the sequence of the one or more obscured characters by graphically replacing the one or more obscured characters with the sequence of one or more characters included in the search term.
 19. The system of claim 16, wherein the obscured characters included in the plurality of entries are obscured by the privacy facility presenting, within the graphical user interface, a graphical depiction of one or more boxes that hide the obscured characters.
 20. The system of claim 19, wherein, for a particular entry, the privacy facility is configured to unobscure the sequence of the one or more obscured characters by reducing a size of the graphical depiction of the one or more boxes to expose the sequence of one or more characters included in the particular entry. 